Skip to main content

Tag: malicious packages

18 articles

Cluttered developer workstation with laptop, coding tools, and subtle blockchain diagram in background.

Malicious Vite npm Packages Exploit Blockchain C2 for RAT Delivery

Security researchers have uncovered a sneaky campaign, dubbed ViteVenom, involving seven malicious npm packages that target Vite developers, executing malicious code as soon as they're imported. These packages, published in a matter of days, may have modest download counts, but their stealthy nature raises major red flags for the supply-chain community.

Analyst 207
Python developer workstation with laptop, terminal, and programming notes, hint of Telegram logo in background.

Malicious PyPI Packages Expose Telegram Bot Servers to Hacker Control

Hackers have launched a sneaky attack, hiding malicious code in fake Python packages on PyPI, which can take control of Telegram bot servers and give attackers access to sensitive info like chats, contacts, and environment variables. This backdoor can be activated with a simple command, allowing attackers to execute any Python code on the victim's machine.

Analyst 207
Software development workspace with multiple computer screens and scattered papers.

Mastra Packages Compromised in Software Supply Chain Attack

A massive software supply chain attack just hit Mastra, with over 140 malicious packages published in a single day by a compromised npm account. The swift and coordinated assault, dubbed easy-day-js, unfolded over just two days, catching defenders scrambling to respond.

Analyst 207
Developer workspace with laptop, terminal, and notes, hint of cloud diagram in background.

Malicious npm Packages Target Cloud Credentials

Malicious actors are targeting cloud credentials by publishing fake npm packages that mimic popular projects, allowing them to infiltrate developer environments and gain access to sensitive AWS and Elastic credentials. In just four hours, a single attacker published 14 malicious packages using cleverly disguised names.

Analyst 207
Cluttered workstation with laptops, notebooks, and software boxes shows signs of disarray.

Malicious Packages Exploit Realistic Identities

Malicious open source packages are getting smarter, with 91% using realistic identities and naming-variant tactics to blend in with legitimate projects, making them harder to spot. This shift away from simple typosquatting tricks means developers need to be extra vigilant when adding dependencies to their workflows.

Analyst 207
Software development workspace with a computer screen displaying a blurred graph, surrounded by cables and development tools.

Mini Shai-Hulud Campaign Targets npm Ecosystem with Malicious AntV Packages

A large-scale attack has infected hundreds of popular npm packages, including widely-used data visualization and React components, with malicious updates, putting a vast number of projects and applications at risk. The attackers published 639 malicious versions across 323 unique packages in a fast-moving supply chain operation.

Analyst 207
Malicious PyPI Packages Spread Devastating Malware

Malicious PyPI Packages Spread Devastating Malware

Malicious actors have struck again, this time infiltrating the Python Package Index (PyPI) with tainted versions of popular packages Telnyx and LiteLLM, putting developers' sensitive credentials at risk. Can we trust the software supply chain when even seemingly secure systems can be breached?

Analyst 207
malicious npm packages: Stunning Critical Threat Revealed

malicious npm packages: Stunning Critical Threat Revealed

Researchers uncovered Beamglea — 175 malicious npm packages downloaded about 26,000 times — that quietly hosted credential‑harvesting phishing campaigns against 135+ organizations, a stark reminder that the convenience of open-source packages can become a gateway for large‑scale theft.

Analyst 207
Alarming 188% Annual Increase in Malicious Open Source Packages

Alarming 188% Annual Increase in Malicious Open Source Packages

Discover the shocking 188% annual rise in malicious open source packages and its implications for developers and software security.

Analyst 207
Malicious RubyGems pose as Fastlane to steal Telegram API data

Malicious RubyGems pose as Fastlane to steal Telegram API data

Malicious RubyGems masquerading as Fastlane target Telegram API data—stay alert to protect your systems from these deceptive packages.

Analyst 207
Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto

Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto

Over 70 malicious npm and VS Code packages discovered stealing sensitive data and crypto. Secure your projects and protect your assets.

Analyst 207
Reconnaissance Campaign Active on NPM Repository

Reconnaissance Campaign Active on NPM Repository

A reconnaissance campaign on the NPM repository exposes vulnerabilities and drives urgent calls for stronger security protocols.

Analyst 207
Dozens of malicious packages on NPM collect host and network data

Dozens of malicious packages on NPM collect host and network data

Dozens of malicious NPM packages are covertly collecting host and network data, exposing developers to critical security risks and data breaches.

Analyst 207
Malicious PyPI Packages Use Social Media APIs to Validate User Accounts

Malicious PyPI Packages Use Social Media APIs to Validate User Accounts

Malicious PyPI packages exploit social media APIs to validate user accounts, heightening risk and enabling targeted deception.

Analyst 207
Malicious PyPI packages abuse Gmail, websockets to hijack systems

Malicious PyPI packages abuse Gmail, websockets to hijack systems

Malicious PyPI packages exploit Gmail and websockets to hijack systems, raising cybersecurity concerns and necessitating enhanced threat detection mechanisms.

Analyst 207
The Hidden Dangers of AI-Driven Slopsquatting in Supply Chains

The Hidden Dangers of AI-Driven Slopsquatting in Supply Chains

Explore the hidden dangers of AI-driven slopsquatting in supply chains, revealing risks to efficiency, security, and ethical practices.

Analyst 207
Malicious npm Packages Imitate Telegram Bot API to Install SSH Backdoors on Linux

Malicious npm Packages Imitate Telegram Bot API to Install SSH Backdoors on Linux

Malicious npm packages mimic the Telegram Bot API to install SSH backdoors on Linux, posing serious security risks for developers and systems.

Analyst 207
New Malicious PyPI Package Exploits MEXC Trading API to Hijack Credentials and Orders

New Malicious PyPI Package Exploits MEXC Trading API to Hijack Credentials and Orders

New malicious PyPI package targets MEXC Trading API, hijacking user credentials and orders, posing serious security risks for traders.

Analyst 207